Big Adobe Breach Could Reach Credit Unions

Adobe, the big software company, announced this week that its network had been breached and information relating to 2.9 million customers, including credit card data, had been stolen along with information pertaining to numerous Adobe products.

That latter is believed to include source code – the cyber blueprint – for various Adobe titles, possibly including the popular Acrobat, according to reporting by security blogger Brian Krebs.

The impacts on credit unions may be substantial, sources told Credit Union Times on Friday.

Thus far Adobe has not disclosed which source code has been stolen. However, Krebs has reported that a senior Adobe official conceded Acrobat “may” be among the compromised apps.

In an interview, Trusteer security expert George Tubin shrugged off the theft of customer data, at least as far as credit unions go. Adobe has indicated that much of that data is encrypted, so it may be useless to the criminals and, beyond that, whatever pain there is will be limited to the finite group of individuals whose data was compromised.

The far bigger worry for credit unions, said Tubin, is the loss of the source code which may give cyber criminals more ability to capitalize on security flaws in Adobe’s products and the problem, said Tubin, is how widespread the use of them is in financial institutions.

He urged credit unions to make sure that they keep their Adobe products fully patched and updated and also to stay abreast of Adobe’s public announcements about the breach and the steps it is taking to remedy the losses.

Tubin said a byproduct down the road may be many more infected member and employee computers, as they innocently download Adobe files that may have been contaminated by corrupt instances of criminally modified Adobe software.